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Claims 

1 1 . A digital data storage subsystem for storing data in digital form comprising: 

2 A. a storage medium configured to store digital data; 

3 B. a storage control module configured to 

4 i. in response to a storage request requesting storage of digital data, receive the digital 

5 data that is to be stored in response to the storage request from a source, encrypt the 
received digital data using a selected encryption key and enable the encrypted digital 

7lU data to be stored on the storage medium; and 

8;? ii. in response to a retrieval request requesting retrieval of digital data, enable at least 

9jU one selected portion of the encrypted digital data to be retrieved from the storage 

1 Oq medium, decrypt the retrieved encrypted digital data using a selected decryption key, 

lip and provide the decrypted digital data to a destination; and 

12 C. a sanitization control module configured to, in response to a sanitization request, make the 

13 decryption key unavailable to the storage control module, thereby disabling the storage 

14 control module from thereafter decrypting the encrypted digital data stored on the storage 

1 5 medium. 
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1 2. A digital data storage system as defined in claim 1 in which the storage medium is a magnetic 

2 medium, in which the encrypted digital data is stored in magnetic form. 

1 3. A digital data storage system as defined in claim 2 in which the magnetic medium is a disk. 

1 4. A digital data storage system as defined in claim 1 in which the storage medium is an electronic 

2 £3 medium, in which the encrypted digital data is stored in electronic form. 

Cxi 

I'm 5. A digital data storage system as defined in claim 1 in which the storage control module is 

2p configured to make use of a symmetric key encryption and decryption methodology in encrypting 

3Q the digital data and decrypting the encrypted digital data. 

1 6. A digital data storage system as defined in claim 1 in which the storage control module is 

2 configured to make use of an asymmetric key encryption and decryption methodology in encrypting 

3 the digital data and decrypting the encrypted digital data. 
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7. A digital data storage system as defined in claim 1, the digital data storage system further 
comprising a decryption key store configured to store the decryption key, and the storage control 
module is configured to make use of the decryption key stored in the decryption key store in 
decrypting the encrypted digital data. 

8. A digital data storage system as defined in claim 7 in which the sanitation control module is 
configured to make the decryption key unavailable to the storage control module by wiping the 
decryption key from the decryption key store. 

9. A digital data storage system as defined in claim 8 in which the sanitation control module is 
configured to wipe the decryption key from the decryption key store by erasing the decryption key 
store. 

10. A digital data storage system as defined in claim 1, the digital data storage system further 
comprising a key generator configured to generate the decryption key. 
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1 11. A digital data storage system as defined in claim 10 in which the key generator module is 

2 configured to generate the decryption key from two bit patterns provided thereto using a 

3 predetermined generation methodology. 

1 12 A digital data storage system as defined in claim 11 in which the key generator module is 

2 configured to generate the decryption key by concatenating the bit patterns together. 

1 13. A digital data storage system as defined in claim 11 in which the key generator module is 

25^ configured to generate the decryption key by exclusive-ORing the bit patterns together. 

■ri- 
ffs 

llJ 14. A digital data storage system as defined in claim 11 in which the key generator module is 

2jJ configured to store the decryption key in a decryption key store, and the sanitation control module 

3 is configured to make the decryption key unavailable by making the decryption key and at least one 

4 of the bit patterns unavailable. 

1 15. A computer program product for use in connection with a processor to provide a sanitizing 

2 subsystem for sanitizing a digital data storage subsystem for storing data in digital form, the 

3 computer program product comprising: 
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4 A. a storage control module configured to enable the processor to 

5 i. in response to a storage request requesting storage of digital data, receive the digital 

6 data that is to be stored in response to the storage request from a source, encrypt the 

7 received digital data using a selected encryption key and enable the encrypted digital 

8 data to be stored on the storage medium; and 

9 ii. in response to a retrieval request requesting retrieval of digital data, enable at least 
10 one selected portion of the encrypted digital data to be retrieved from the storage 
1 1 0 medium, decrypt the retrieved encrypted digital data using a selected decryption key, 
122 s ! and provide the decrypted digital data to a destination; and 

13y^ B. a sanitization control module configured to enable the processor to, in response to a 

14T sanitization request, make the decryption key unavailable to the storage control module, 

1 5 |a thereby disabling the storage control module from thereafter decrypting the encrypted digital 

1 6€1 data stored on the storage medium. 

1 16. A computer program product as defined in claim 15 in which the storage control module is 

2 configured to enable the processor to make use of a symmetric key encryption and decryption 

3 methodology in encrypting the digital data and decrypting the encrypted digital data. 
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1 17. A computer program product as defined in claim 15 in which the storage control module is 

2 configured to enable the processor to make of an asymmetric key encryption and decryption 

3 methodology in encrypting the digital data and decrypting the encrypted digital data. 

1 18. A computer program product as defined in claim 15, in which the storage control module is 

2 configured to enable the processor to make use of the decryption key stored in a decryption key store 

3 in decrypting the encrypted digital data. 

>n 

lm 19. A computer program product as defined in claim 18 in which the sanitation control module is 

2pi configured to enable the processor to make the decryption key unavailable to the storage control 

3Q module by wiping the decryption key from the decryption key store. 

m 

'■a?ssr 

1 20. A computer program product as defined in claim 19 in which the sanitation control module is 

2 configured to enable the processor to wipe the decryption key from the decryption key store by 

3 erasing the decryption key store. 

1 21. A computer program product as defined in claim 15, the computer program product further 

2 comprising a key generator configured to enable the processor to generate the decryption key. 
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22. A computer program product as defined in claim 21 in which the key generator module is 
configured to enable the processor to generate the decryption key from two bit patterns provided 
thereto using a predetermined generation methodology. 

23 A computer program product as defined in claim 22 in which the key generator module is 
configured to enable the processor to generate the decryption key by concatenating the bit patterns 
together. 

24. A computer program product as defined in claim 22 in which the key generator module is 
configured to enable the processor to generate the decryption key by exclusive-ORing the bit 
patterns together. 

25. A computer program product as defined in claim 22 in which the key generator module is 
configured to enable the processor to store the decryption key in a decryption key store, and the 
sanitation control module is configured to enable the processor to make the decryption key 
unavailable by making the decryption key and at least one of the bit patterns unavailable. 



-20- 



SGL-001 

1 26. A method of operating a digital data storage subsystem for storing data in digital form, the 

2 method comprising: 

3 A. a storage control step in which 

4 i. in response to a storage request requesting storage of digital data, the digital data that 

5 is to be stored in response to the storage request from a source is received, encrypted 

6 using a selected encryption key and the encrypted digital data stored on a storage 

7 medium; and 

8:3 ii. in response to a retrieval request requesting retrieval of digital data, retrieving least 

9tJl one selected portion of the encrypted digital data to be retrieved from the storage 

10jr medium, decrypted using a selected decryption key, and the decrypted digital data 

1 lL being provided to a destination; and 

Hp B. a sanitization control step in which, in response to a sanitization request, the decryption key 

1 3U is made unavailable for decryption, thereby disabling the decryption of the encrypted digital 

14 data stored on the storage medium. 

1 27. A method as defined in claim 26 in which the storage control step includes the step of making 

2 use of a symmetric key encryption and decryption methodology in encrypting the digital data and 

3 decrypting the encrypted digital data. 
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18. A method as defined in claim 26 in which the storage control step includes the step of making 
of an asymmetric key encryption and decryption methodology in encrypting the digital data and 
decrypting the encrypted digital data. 

29. A method as defined in claim 26, in which the storage control step includes the step of making 
use of the decryption key stored in a decryption key store in decrypting the encrypted digital data. 

30. A method as defined in claim 29 in which the sanitation control step includes the step of making 
the decryption key unavailable by wiping the decryption key from the decryption key store. 

3 1 . A method as defined in claim 30 in which the sanitation control step includes the step of wiping 
the decryption key from the decryption key store by erasing the decryption key store. 

32. A method as defined in claim 26, the method further comprising a key generator step of 
generating the decryption key. 
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33. A method as defined in claim 32 in which the key generator step includes the step of generating 
the decryption key from two bit patterns provided thereto using a predetermined generation 
methodology. 

34. A method as defined in claim 33 in which the key generator step includes the step of generating 
the decryption key by concatenating the bit patterns together. 

35. A method as defined in claim 33 in which the key generator step includes the step of generating 
the decryption key by exclusive-ORing the bit patterns together. 

36. A method as defined in claim 33 in which the key generator step includes the step of storing the 
decryption key in a decryption key store, and the sanitation control step includes the step of making 
the decryption key unavailable by making the decryption key and at least one of the bit patterns 
unavailable. 
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